Security Vulnerabilities - CVEs Published In October 2023
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-10-25
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-25
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
CVSS Score
8.0
EPSS Score
0.004
Published
2023-10-25
Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-25
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-25
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-25
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-25
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-25
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-10-25
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-10-25